Date: Thu, 21 Jan 2010 22:00:19 GMT
Message-Id: <201001212200.o0LM0J70059229@freefall.freebsd.org>
To: freebsd-ports-bugs@FreeBSD.org
From: Arthur de Jong
Subject: Re: ports/142963: [UPDATE] net/nss_ldapd: update to 0.7.2

The following reply was made to PR ports/142963; it has been noted by GNATS.

From: Arthur de Jong
To: bug-followup@FreeBSD.org, freebsd@omnilan.de
Subject: Re: ports/142963: [UPDATE] net/nss_ldapd: update to 0.7.2
Date: Thu, 21 Jan 2010 22:35:26 +0100

By chance I came across this page:
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/142963
which suggests that a security vulnerability has been found in
nss-pam-ldapd 0.7.1. This is not correct. Release 0.7.2 does not fix any
known security problems.

The confusion is probably a result of this security advisory:
http://arthurdejong.org/nss-pam-ldapd/news.html#20091122
The problem was fixed in nss-ldapd version 0.6.11. At the time it was
unclear that the previous behaviour had security implications. When this
became clear a security advisory was issued. See the link above for more
details.

Anyway, thanks for packaging nss-pam-ldapd (though I don't fully
understand the thing with rootbinddn).

--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --